Uses of Class
org.keycloak.common.VerificationException
Package
Description
-
Uses of VerificationException in org.keycloak
Modifier and TypeMethodDescriptionRSATokenVerifier.getHeader()
Deprecated.TokenVerifier.getHeader()
RSATokenVerifier.getToken()
Deprecated.TokenVerifier.getToken()
RSATokenVerifier.parse()
Deprecated.TokenVerifier.parse()
boolean
TokenVerifier.AudienceCheck.test
(JsonWebToken t) boolean
TokenVerifier.IssuedForCheck.test
(JsonWebToken jsonWebToken) boolean
Performs a single check on the given token verifier.boolean
TokenVerifier.RealmUrlCheck.test
(JsonWebToken t) boolean
TokenVerifier.TokenTypeCheck.test
(JsonWebToken t) static void
RSATokenVerifier.verify()
Deprecated.TokenVerifier.verify()
void
TokenVerifier.verifySignature()
static AccessToken
RSATokenVerifier.verifyToken
(String tokenString, PublicKey publicKey, String realmUrl) Deprecated.static AccessToken
RSATokenVerifier.verifyToken
(String tokenString, PublicKey publicKey, String realmUrl, boolean checkActive, boolean checkTokenType) Deprecated. -
Uses of VerificationException in org.keycloak.authentication
-
Uses of VerificationException in org.keycloak.authentication.actiontoken
Modifier and TypeClassDescriptionclass
Token verification exception that bears an error to be logged via event system and a message to show to the user e.g.Modifier and TypeMethodDescriptionActionTokenHandler.startFreshAuthenticationSession
(T token, ActionTokenContext<T> tokenContext) Creates a fresh authentication session according to the information from the token. -
Uses of VerificationException in org.keycloak.broker.saml
Modifier and TypeMethodDescriptionprotected void
SAMLEndpoint.ArtifactBinding.verifySignature
(String key, SAMLDocumentHolder documentHolder) protected abstract void
SAMLEndpoint.Binding.verifySignature
(String key, SAMLDocumentHolder documentHolder) protected void
SAMLEndpoint.PostBinding.verifySignature
(String key, SAMLDocumentHolder documentHolder) protected void
SAMLEndpoint.RedirectBinding.verifySignature
(String key, SAMLDocumentHolder documentHolder) -
Uses of VerificationException in org.keycloak.crypto
Modifier and TypeMethodDescriptionstatic void
SignatureProvider.checkKeyForVerification
(KeyWrapper key, String algorithm, String type) AsymmetricClientSignatureVerifierProvider.verifier
(ClientModel client, JWSInput input) AsymmetricSignatureProvider.verifier
(KeyWrapper key) ClientSignatureVerifierProvider.verifier
(ClientModel client, JWSInput input) ECDSAClientSignatureVerifierProvider.verifier
(ClientModel client, JWSInput input) ECDSASignatureProvider.verifier
(KeyWrapper key) EdDSAClientSignatureVerifierProvider.verifier
(ClientModel client, JWSInput input) EdDSASignatureProvider.verifier
(KeyWrapper key) MacSecretClientSignatureVerifierProvider.verifier
(ClientModel client, JWSInput input) MacSecretSignatureProvider.verifier
(KeyWrapper key) SignatureProvider.verifier
(KeyWrapper key) boolean
AsymmetricSignatureVerifierContext.verify
(byte[] data, byte[] signature) boolean
ClientECDSASignatureVerifierContext.verify
(byte[] data, byte[] signature) boolean
ECDSASignatureVerifierContext.verify
(byte[] data, byte[] signature) boolean
MacSignatureVerifierContext.verify
(byte[] data, byte[] signature) boolean
ServerECDSASignatureVerifierContext.verify
(byte[] data, byte[] signature) boolean
SignatureVerifierContext.verify
(byte[] data, byte[] signature) ModifierConstructorDescriptionClientAsymmetricSignatureVerifierContext
(KeycloakSession session, ClientModel client, JWSInput input) ClientECDSASignatureVerifierContext
(KeycloakSession session, ClientModel client, JWSInput input) ClientEdDSASignatureVerifierContext
(KeycloakSession session, ClientModel client, JWSInput input) ClientMacSignatureVerifierContext
(KeycloakSession session, ClientModel client, String algorithm) ServerAsymmetricSignatureVerifierContext
(KeycloakSession session, String kid, String algorithm) ServerECDSASignatureVerifierContext
(KeycloakSession session, String kid, String algorithm) ServerEdDSASignatureVerifierContext
(KeycloakSession session, String kid, String algorithm) ServerMacSignatureVerifierContext
(KeycloakSession session, String kid, String algorithm) -
Uses of VerificationException in org.keycloak.exceptions
Modifier and TypeClassDescriptionclass
Exception thrown for cases when token is invalid due to time constraints (expired, or not yet valid).class
Thrown when token signature is invalid.class
Exception thrown on failed verification of a token. -
Uses of VerificationException in org.keycloak.forms.login.freemarker
Modifier and TypeMethodDescriptionDetachedInfoStateChecker.verifyStateCheckerParameter
(String stateCheckerParam) -
Uses of VerificationException in org.keycloak.organization.utils
Modifier and TypeMethodDescriptionstatic InviteOrgActionToken
Organizations.parseInvitationToken
(HttpRequest request) -
Uses of VerificationException in org.keycloak.protocol.oid4vc.issuance.signing
Modifier and TypeMethodDescriptionprotected SignatureVerifierContext
SigningService.getVerifier
(JWK jwk, String jwsAlgorithm) protected JWK
JwtProofBasedSigningService.validateProof
(VCIssuanceContext vcIssuanceContext) -
Uses of VerificationException in org.keycloak.protocol.oidc
-
Uses of VerificationException in org.keycloak.protocol.saml
Modifier and TypeMethodDescriptionstatic PublicKey
SamlProtocolUtils.getEncryptionKey
(ClientModel client) Returns public part of SAML encryption key from the client settings.static PublicKey
SamlProtocolUtils.getPublicKey
(ClientModel client, String attribute) static PublicKey
SamlProtocolUtils.getSignatureValidationKey
(ClientModel client) Returns public part of SAML signing key from the client settings.static void
SamlProtocolUtils.verifyDocumentSignature
(ClientModel client, Document document) Verifies a signature of the given SAML document using settings for the given client.static void
SamlProtocolUtils.verifyDocumentSignature
(Document document, KeyLocator keyLocator) Verifies a signature of the given SAML document using keys obtained from the given key locator.static void
SamlProtocolUtils.verifyRedirectSignature
(SAMLDocumentHolder documentHolder, KeyLocator locator, jakarta.ws.rs.core.MultivaluedMap<String, String> encodedParams, String paramKey) static void
SamlProtocolUtils.verifyRedirectSignature
(SAMLDocumentHolder documentHolder, KeyLocator locator, jakarta.ws.rs.core.UriInfo uriInformation, String paramKey) protected abstract void
SamlService.BindingProtocol.verifySignature
(SAMLDocumentHolder documentHolder, ClientModel client) protected void
SamlService.PostBindingProtocol.verifySignature
(SAMLDocumentHolder documentHolder, ClientModel client) protected void
SamlService.RedirectBindingProtocol.verifySignature
(SAMLDocumentHolder documentHolder, ClientModel client) -
Uses of VerificationException in org.keycloak.saml.processing.core.util
Modifier and TypeMethodDescriptionstatic boolean
RedirectBindingSignatureUtil.validateRedirectBindingSignature
(SignatureAlgorithm sigAlg, byte[] rawQueryBytes, byte[] decodedSignature, KeyLocator locator, String keyId) -
Uses of VerificationException in org.keycloak.sdjwt
Modifier and TypeMethodDescriptionstatic com.fasterxml.jackson.databind.node.ArrayNode
SdJwtUtils.decodeDisclosureString
(String disclosure) static String
static long
SdJwtUtils.readTimeClaim
(com.fasterxml.jackson.databind.JsonNode payload, String claimName) void
SdJwt.verify
(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts verificationOpts) Verifies SD-JWT as to whether the Issuer-signed JWT's signature and disclosures are valid.void
SdJws.verifyAge
(int maxAge) Verifies that the JWS is not too old.void
SdJws.verifyExpClaim()
void
SdJws.verifyIssClaim
(List<String> issuers) Verifies that SD-JWT was issued by one of the provided issuers.void
SdJwtVerificationContext.verifyIssuance
(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, PresentationRequirements presentationRequirements) Verifies SD-JWT as to whether the Issuer-signed JWT's signature and disclosures are valid.void
SdJws.verifyIssuedAtClaim()
void
SdJws.verifyNotBeforeClaim()
void
SdJwtVerificationContext.verifyPresentation
(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts, PresentationRequirements presentationRequirements) Verifies SD-JWT presentation.void
IssuerSignedJWT.verifySdHashAlgorithm()
Verifies that the SD hash algorithm is understood and deemed secure.void
SdJwtFacade.verifySdJwt
(SdJwt sdJwt, List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts verificationOpts) Verify the SD-JWT using the provided signature verification keys.void
SdJws.verifySignature
(SignatureVerifierContext verifier) void
SdJws.verifyVctClaim
(List<String> vcts) Verifies that SD-JWT vct claim matches the expected one. -
Uses of VerificationException in org.keycloak.sdjwt.consumer
Modifier and TypeMethodDescriptionvoid
PresentationRequirements.checkIfSatisfiedBy
(com.fasterxml.jackson.databind.JsonNode disclosedPayload) Ensures that the configured requirements are satisfied by the presentation.void
SimplePresentationDefinition.checkIfSatisfiedBy
(com.fasterxml.jackson.databind.JsonNode disclosedPayload) Checks if the provided JSON payload satisfies all required field patterns.JwtVcMetadataTrustedSdJwtIssuer.resolveIssuerVerifyingKeys
(IssuerSignedJWT issuerSignedJWT) TrustedSdJwtIssuer.resolveIssuerVerifyingKeys
(IssuerSignedJWT issuerSignedJWT) Resolves potential verifying keys to validate the Issuer-signed JWT.void
SdJwtPresentationConsumer.verifySdJwtPresentation
(SdJwtVP sdJwtVP, PresentationRequirements presentationRequirements, List<TrustedSdJwtIssuer> trustedSdJwtIssuers, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts) Verify SD-JWT presentation against specific requirements. -
Uses of VerificationException in org.keycloak.sdjwt.vp
Modifier and TypeMethodDescriptionvoid
SdJwtVP.verify
(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts) Verifies SD-JWT presentation. -
Uses of VerificationException in org.keycloak.services.resources
Modifier and TypeMethodDescriptionstatic void
LoginActionsServiceChecks.checkIsClientValid
(KeycloakSession session, ClientModel client) Verifies whether the client denoted by client ID in token'siss
(issuedFor
) field both exists and is enabled.static <T extends JsonWebToken>
voidLoginActionsServiceChecks.checkIsClientValid
(T token, ActionTokenContext<T> context) Verifies whether the client denoted by client ID in token'siss
(issuedFor
) field both exists and is enabled.static void
LoginActionsServiceChecks.checkIsUserValid
(KeycloakSession session, RealmModel realm, String userId, Consumer<UserModel> userSetter, EventBuilder event) Verifies whether the user given by ID both exists in the current realm.static <T extends JsonWebToken & SingleUseObjectKeyModel>
voidLoginActionsServiceChecks.checkIsUserValid
(T token, ActionTokenContext<T> context, EventBuilder event) Verifies whether the user given by ID both exists in the current realm.static <T extends JsonWebToken & SingleUseObjectKeyModel>
voidLoginActionsServiceChecks.checkTokenWasNotUsedYet
(T token, ActionTokenContext<T> context) static <T extends JsonWebToken>
booleanLoginActionsServiceChecks.doesAuthenticationSessionFromCookieMatchOneFromToken
(ActionTokenContext<T> context, AuthenticationSessionModel authSessionFromCookie, String authSessionCompoundIdFromToken) This check verifies that current authentication session is consistent with the one specified in token.boolean
LoginActionsServiceChecks.AuthenticationSessionUserIdMatchesOneFromToken.test
(JsonWebToken t) boolean
LoginActionsServiceChecks.IsActionRequired.test
(JsonWebToken t) boolean
LoginActionsServiceChecks.IsRedirectValid.test
(JsonWebToken t) -
Uses of VerificationException in org.keycloak.services.util
Modifier and TypeMethodDescriptionDPoPUtil.Validator.validate()
static void
DPoPUtil.validateBinding
(AccessToken token, DPoP dPoP)